Porn ‘playground’ on sites turning Harvard crimson

Credit: Stuart Cahill

Students sit in Harvard Yard at Harvard University in Cambridge yesterday.

Credit: Stuart Cahill

Harvard University banners hang from Memorial Church in Harvard Yard in Cambridge yesterday.

prevnext

Crimson-faced Harvard University officials learned a tough lesson in sex “edu” after they were forced to scrub pornographic images splashed across the Ivy League school’s Web domain by hackers and spammers.

“It’s very shocking to me,” said Stephen Chapman, who writes the “SEO Whistleblower” tech blog for ZDNet.com and recently discovered the dark side of the Harvard.edu domain.

Chapman, an expert in online search engines, said he found all manner of raunchy images and links popping up in unmoderated forums and sites on publicly available sites.

“I was just kind of lucky I found what I did,” he said.

In an online expose, titled “Harvard.edu: An Ivy League Pornographic Playground,” Chapman noted a Harvard physics council Wiki site and a Harvard Law blog that appear to be infiltrated with explicit language and pictures of naked women.

The university’s student newspaper, The Crimson, picked up the story and by yesterday Harvard had painstakingly scrubbed its domain of the nasty material Chapman located.

“We are aware that a number of Harvard servers were affected last week and we are addressing the issue,” Harvard spokesman Kevin Galvin said.

Yet the issue of spamming unmoderated forums and sites that allow users to edit and add content, called wikis, is not one that is easily fixed. Just as spammers can bombard e-mail accounts, they often do the same to Web sites.

Chapman found other tasteless content hidden within plain sight on pages within Massachusetts Institute of Technology’s domain. Another victim: Boston University, where Chapman found a plethora of X-rated images on the school’s network.

BU and MIT were moving to address the problems yesterday.

Chapman said there are ways to protect Web sites from being spammed: Be sure not to have internal directories that are publicly accessible and lock down all the parent directories that contain the guts of Web sites.